
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="zh_Hans">
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Django 1.9.2 release notes &#8212; Django 3.2.6.dev 文档</title>
    <link rel="stylesheet" href="../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
    <script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
    <script type="text/javascript" src="../_static/jquery.js"></script>
    <script type="text/javascript" src="../_static/underscore.js"></script>
    <script type="text/javascript" src="../_static/doctools.js"></script>
    <script type="text/javascript" src="../_static/language_data.js"></script>
    <link rel="index" title="索引" href="../genindex.html" />
    <link rel="search" title="搜索" href="../search.html" />
    <link rel="next" title="Django 1.9.1 release notes" href="1.9.1.html" />
    <link rel="prev" title="Django 1.9.3 release notes" href="1.9.3.html" />



 
<script src="../templatebuiltins.js"></script>
<script>
(function($) {
    if (!django_template_builtins) {
       // templatebuiltins.js missing, do nothing.
       return;
    }
    $(document).ready(function() {
        // Hyperlink Django template tags and filters
        var base = "../ref/templates/builtins.html";
        if (base == "#") {
            // Special case for builtins.html itself
            base = "";
        }
        // Tags are keywords, class '.k'
        $("div.highlight\\-html\\+django span.k").each(function(i, elem) {
             var tagname = $(elem).text();
             if ($.inArray(tagname, django_template_builtins.ttags) != -1) {
                 var fragment = tagname.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>");
             }
        });
        // Filters are functions, class '.nf'
        $("div.highlight\\-html\\+django span.nf").each(function(i, elem) {
             var filtername = $(elem).text();
             if ($.inArray(filtername, django_template_builtins.tfilters) != -1) {
                 var fragment = filtername.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>");
             }
        });
    });
})(jQuery);</script>

  </head><body>

    <div class="document">
  <div id="custom-doc" class="yui-t6">
    <div id="hd">
      <h1><a href="../index.html">Django 3.2.6.dev 文档</a></h1>
      <div id="global-nav">
        <a title="Home page" href="../index.html">Home</a>  |
        <a title="Table of contents" href="../contents.html">Table of contents</a>  |
        <a title="Global index" href="../genindex.html">Index</a>  |
        <a title="Module index" href="../py-modindex.html">Modules</a>
      </div>
      <div class="nav">
    &laquo; <a href="1.9.3.html" title="Django 1.9.3 release notes">previous</a>
     |
    <a href="index.html" title="Release notes" accesskey="U">up</a>
   |
    <a href="1.9.1.html" title="Django 1.9.1 release notes">next</a> &raquo;</div>
    </div>

    <div id="bd">
      <div id="yui-main">
        <div class="yui-b">
          <div class="yui-g" id="releases-1.9.2">
            
  <div class="section" id="s-django-1-9-2-release-notes">
<span id="django-1-9-2-release-notes"></span><h1>Django 1.9.2 release notes<a class="headerlink" href="#django-1-9-2-release-notes" title="永久链接至标题">¶</a></h1>
<p><em>February 1, 2016</em></p>
<p>Django 1.9.2 fixes a security regression in 1.9 and several bugs in 1.9.1. It
also makes a small backwards incompatible change that hopefully doesn't affect
any users.</p>
<div class="section" id="s-security-issue-user-with-change-but-not-add-permission-can-create-objects-for-modeladmins-with-save-as-true">
<span id="security-issue-user-with-change-but-not-add-permission-can-create-objects-for-modeladmins-with-save-as-true"></span><h2>Security issue: User with &quot;change&quot; but not &quot;add&quot; permission can create objects for <code class="docutils literal notranslate"><span class="pre">ModelAdmin</span></code>’s with <code class="docutils literal notranslate"><span class="pre">save_as=True</span></code><a class="headerlink" href="#security-issue-user-with-change-but-not-add-permission-can-create-objects-for-modeladmins-with-save-as-true" title="永久链接至标题">¶</a></h2>
<p>If a <code class="docutils literal notranslate"><span class="pre">ModelAdmin</span></code> uses <code class="docutils literal notranslate"><span class="pre">save_as=True</span></code> (not the default), the admin
provides an option when editing objects to &quot;Save as new&quot;. A regression in
Django 1.9 prevented that form submission from raising a &quot;Permission Denied&quot;
error for users without the &quot;add&quot; permission.</p>
</div>
<div class="section" id="s-backwards-incompatible-change-py-tpl-files-rewritten-in-project-app-templates">
<span id="backwards-incompatible-change-py-tpl-files-rewritten-in-project-app-templates"></span><h2>Backwards incompatible change: <code class="docutils literal notranslate"><span class="pre">.py-tpl</span></code> files rewritten in project/app templates<a class="headerlink" href="#backwards-incompatible-change-py-tpl-files-rewritten-in-project-app-templates" title="永久链接至标题">¶</a></h2>
<p>The addition of some Django template language syntax to the default app
template in Django 1.9 means those files now have some invalid Python syntax.
This causes difficulties for packaging systems that unconditionally
byte-compile <code class="docutils literal notranslate"><span class="pre">*.py</span></code> files.</p>
<p>To remedy this, a <code class="docutils literal notranslate"><span class="pre">.py-tpl</span></code> suffix is now used for the project and app
template files included in Django. The <code class="docutils literal notranslate"><span class="pre">.py-tpl</span></code> suffix is replaced with
<code class="docutils literal notranslate"><span class="pre">.py</span></code> by the <code class="docutils literal notranslate"><span class="pre">startproject</span></code> and <code class="docutils literal notranslate"><span class="pre">startapp</span></code> commands. For example, a
template with the filename <code class="docutils literal notranslate"><span class="pre">manage.py-tpl</span></code> will be created as <code class="docutils literal notranslate"><span class="pre">manage.py</span></code>.</p>
<p>Please file a ticket if you have a custom project template containing
<code class="docutils literal notranslate"><span class="pre">.py-tpl</span></code> files and find this behavior problematic.</p>
</div>
<div class="section" id="s-bugfixes">
<span id="bugfixes"></span><h2>Bugfixes<a class="headerlink" href="#bugfixes" title="永久链接至标题">¶</a></h2>
<ul class="simple">
<li>Fixed a regression in <code class="docutils literal notranslate"><span class="pre">ConditionalGetMiddleware</span></code> causing <code class="docutils literal notranslate"><span class="pre">If-None-Match</span></code>
checks to always return HTTP 200 (<a class="reference external" href="https://code.djangoproject.com/ticket/26024">#26024</a>).</li>
<li>Fixed a regression that caused the &quot;user-tools&quot; items to display on the
admin's logout page (<a class="reference external" href="https://code.djangoproject.com/ticket/26035">#26035</a>).</li>
<li>Fixed a crash in the translations system when the current language has no
translations (<a class="reference external" href="https://code.djangoproject.com/ticket/26046">#26046</a>).</li>
<li>Fixed a regression that caused the incorrect day to be selected when opening
the admin calendar widget for timezones from GMT+0100 to GMT+1200
(<a class="reference external" href="https://code.djangoproject.com/ticket/24980">#24980</a>).</li>
<li>Fixed a regression in the admin's edit related model popup that caused an
escaped value to be displayed in the select dropdown of the parent window
(<a class="reference external" href="https://code.djangoproject.com/ticket/25997">#25997</a>).</li>
<li>Fixed a regression in 1.8.8 causing incorrect index handling in migrations on
PostgreSQL when adding <code class="docutils literal notranslate"><span class="pre">db_index=True</span></code> or <code class="docutils literal notranslate"><span class="pre">unique=True</span></code> to a
<code class="docutils literal notranslate"><span class="pre">CharField</span></code> or <code class="docutils literal notranslate"><span class="pre">TextField</span></code> that already had the other specified, or when
removing one of them from a field that had both, or when adding
<code class="docutils literal notranslate"><span class="pre">unique=True</span></code> to a field already listed in <code class="docutils literal notranslate"><span class="pre">unique_together</span></code>
(<a class="reference external" href="https://code.djangoproject.com/ticket/26034">#26034</a>).</li>
<li>Fixed a regression where defining a relation on an abstract model's field
using a string model name without an app_label no longer resolved that
reference to the abstract model's app if using that model in another
application (<a class="reference external" href="https://code.djangoproject.com/ticket/25858">#25858</a>).</li>
<li>Fixed a crash when destroying an existing test database on MySQL or
PostgreSQL (<a class="reference external" href="https://code.djangoproject.com/ticket/26096">#26096</a>).</li>
<li>Fixed CSRF cookie check on POST requests when <code class="docutils literal notranslate"><span class="pre">USE_X_FORWARDED_PORT=True</span></code>
(<a class="reference external" href="https://code.djangoproject.com/ticket/26094">#26094</a>).</li>
<li>Fixed a <code class="docutils literal notranslate"><span class="pre">QuerySet.order_by()</span></code> crash when ordering by a relational field of
a <code class="docutils literal notranslate"><span class="pre">ManyToManyField</span></code> <code class="docutils literal notranslate"><span class="pre">through</span></code> model (<a class="reference external" href="https://code.djangoproject.com/ticket/26092">#26092</a>).</li>
<li>Fixed a regression that caused an exception when making database queries on
SQLite with more than 2000 parameters when <a class="reference internal" href="../ref/settings.html#std:setting-DEBUG"><code class="xref std std-setting docutils literal notranslate"><span class="pre">DEBUG</span></code></a> is <code class="docutils literal notranslate"><span class="pre">True</span></code> on
distributions that increase the <code class="docutils literal notranslate"><span class="pre">SQLITE_MAX_VARIABLE_NUMBER</span></code> compile-time
limit to over 2000, such as Debian (<a class="reference external" href="https://code.djangoproject.com/ticket/26063">#26063</a>).</li>
<li>Fixed a crash when using a reverse <code class="docutils literal notranslate"><span class="pre">OneToOneField</span></code> in
<code class="docutils literal notranslate"><span class="pre">ModelAdmin.readonly_fields</span></code> (<a class="reference external" href="https://code.djangoproject.com/ticket/26060">#26060</a>).</li>
<li>Fixed a crash when calling the <code class="docutils literal notranslate"><span class="pre">migrate</span></code> command in a test case with the
<code class="docutils literal notranslate"><span class="pre">available_apps</span></code> attribute pointing to an application with migrations
disabled using the <code class="docutils literal notranslate"><span class="pre">MIGRATION_MODULES</span></code> setting (<a class="reference external" href="https://code.djangoproject.com/ticket/26135">#26135</a>).</li>
<li>Restored the ability for testing and debugging tools to determine the
template from which a node came from, even during template inheritance or
inclusion. Prior to Django 1.9, debugging tools could access the template
origin from the node via <code class="docutils literal notranslate"><span class="pre">Node.token.source[0]</span></code>. This was an undocumented,
private API. The origin is now available directly on each node using the
<code class="docutils literal notranslate"><span class="pre">Node.origin</span></code> attribute (<a class="reference external" href="https://code.djangoproject.com/ticket/25848">#25848</a>).</li>
<li>Fixed a regression in Django 1.8.5 that broke copying a <code class="docutils literal notranslate"><span class="pre">SimpleLazyObject</span></code>
with <code class="docutils literal notranslate"><span class="pre">copy.copy()</span></code> (<a class="reference external" href="https://code.djangoproject.com/ticket/26122">#26122</a>).</li>
<li>Always included <code class="docutils literal notranslate"><span class="pre">geometry_field</span></code> in the GeoJSON serializer output regardless
of the <code class="docutils literal notranslate"><span class="pre">fields</span></code> parameter (<a class="reference external" href="https://code.djangoproject.com/ticket/26138">#26138</a>).</li>
<li>Fixed the <code class="docutils literal notranslate"><span class="pre">contrib.gis</span></code> map widgets when using
<code class="docutils literal notranslate"><span class="pre">USE_THOUSAND_SEPARATOR=True</span></code> (<a class="reference external" href="https://code.djangoproject.com/ticket/20415">#20415</a>).</li>
<li>Made invalid forms display the initial of values of their disabled fields
(<a class="reference external" href="https://code.djangoproject.com/ticket/26129">#26129</a>).</li>
</ul>
</div>
</div>


          </div>
        </div>
      </div>
      
        
          <div class="yui-b" id="sidebar">
            
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
  <h3><a href="../contents.html">Table of Contents</a></h3>
  <ul>
<li><a class="reference internal" href="#">Django 1.9.2 release notes</a><ul>
<li><a class="reference internal" href="#security-issue-user-with-change-but-not-add-permission-can-create-objects-for-modeladmins-with-save-as-true">Security issue: User with &quot;change&quot; but not &quot;add&quot; permission can create objects for <code class="docutils literal notranslate"><span class="pre">ModelAdmin</span></code>’s with <code class="docutils literal notranslate"><span class="pre">save_as=True</span></code></a></li>
<li><a class="reference internal" href="#backwards-incompatible-change-py-tpl-files-rewritten-in-project-app-templates">Backwards incompatible change: <code class="docutils literal notranslate"><span class="pre">.py-tpl</span></code> files rewritten in project/app templates</a></li>
<li><a class="reference internal" href="#bugfixes">Bugfixes</a></li>
</ul>
</li>
</ul>

  <h4>上一个主题</h4>
  <p class="topless"><a href="1.9.3.html"
                        title="上一章">Django 1.9.3 release notes</a></p>
  <h4>下一个主题</h4>
  <p class="topless"><a href="1.9.1.html"
                        title="下一章">Django 1.9.1 release notes</a></p>
  <div role="note" aria-label="source link">
    <h3>本页</h3>
    <ul class="this-page-menu">
      <li><a href="../_sources/releases/1.9.2.txt"
            rel="nofollow">显示源代码</a></li>
    </ul>
   </div>
<div id="searchbox" style="display: none" role="search">
  <h3>快速搜索</h3>
    <div class="searchformwrapper">
    <form class="search" action="../search.html" method="get">
      <input type="text" name="q" />
      <input type="submit" value="转向" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
    </div>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
              <h3>Last update:</h3>
              <p class="topless">7月 23, 2021</p>
          </div>
        
      
    </div>

    <div id="ft">
      <div class="nav">
    &laquo; <a href="1.9.3.html" title="Django 1.9.3 release notes">previous</a>
     |
    <a href="index.html" title="Release notes" accesskey="U">up</a>
   |
    <a href="1.9.1.html" title="Django 1.9.1 release notes">next</a> &raquo;</div>
    </div>
  </div>

      <div class="clearer"></div>
    </div>
  </body>
</html>